org.springframework.security.web.csrf
Class CsrfToken

java.lang.Object
  extended by org.springframework.security.web.csrf.CsrfToken
All Implemented Interfaces:
Serializable

public final class CsrfToken
extends Object
implements Serializable

A CSRF token that is used to protect against CSRF attacks.

Since:
3.2
See Also:
Serialized Form

Constructor Summary
CsrfToken(String headerName, String parameterName, String token)
          Creates a new instance
 
Method Summary
 String getHeaderName()
          Gets the HTTP header that the CSRF is populated on the response and can be placed on requests instead of the parameter.
 String getParameterName()
          Gets the HTTP parameter name that should contain the token.
 String getToken()
          Gets the token value.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

CsrfToken

public CsrfToken(String headerName,
                 String parameterName,
                 String token)
Creates a new instance

Parameters:
headerName - the HTTP header name to use
parameterName - the HTTP parameter name to use
token - the value of the token (i.e. expected value of the HTTP parameter of parametername).
Method Detail

getHeaderName

public String getHeaderName()
Gets the HTTP header that the CSRF is populated on the response and can be placed on requests instead of the parameter. Cannot be null.

Returns:
the HTTP header that the CSRF is populated on the response and can be placed on requests instead of the parameter

getParameterName

public String getParameterName()
Gets the HTTP parameter name that should contain the token. Cannot be null.

Returns:
the HTTP parameter name that should contain the token.

getToken

public String getToken()
Gets the token value. Cannot be null.

Returns:
the token value